WIP: sepolicy: mostly fixup graphics denials
Still not done, need androidboot.selinux=permissive to get to UI.
~#============= platform_app ==============
~#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.
~#Constraint rule:
~# mlsconstrain file { write setattr append unlink link rename } ((t2 == app_data_file_type -Fail-) or (t2 == appdomain_tmpfs -Fail-) or (l1 eq l2 -Fail-) or (t1 == mlstrustedsubject -Fail-) or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
~# Possible cause is the source level (s0:c512,c768) and target level (s0) are different.
allow platform_app hal_graphics_allocator_default_tmpfs:file write;
allow platform_app tmpfs:file { read write };
diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
index e8e7494..96fd94b 100644
--- a/sepolicy/bootanim.te
+++ b/sepolicy/bootanim.te
@@ -1 +1,2 @@
gpu_access(bootanim)
+allow bootanim hal_graphics_allocator_default_tmpfs:file { read write };